Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Data Storage Government Privacy The Courts News

Online Storage For Lawyers? 287

Posted by timothy
from the due-diligence-best-practices dept.
alharaka writes "I have a relative that has been a lawyer for over two decades. In passing conversation, he revealed to me that he has a great deal of his data stored on floppies. Naturally, as an IT guy, I lost it on him, telling him that a one-dimensional storage strategy of floppies was unacceptable. If he lost those files, his clients would be enraged. Since I do not know much about online data storage for lawyers, I read a few articles I found on Google. A lot of people appear to recommend CoreVault, since a few bar associations, including Oklahoma, officially endorsed them. That is not enough for me. Do any Slashdotters have info on this topic? Do you have any companies you would recommend for online data storage specifically for lawyers? My relative is a lawyer with recognition in NJ, NY, CA, and DC; are there any rules and regulations you know of regarding such online storage he must comply with? I know IT and not law. I am aware this is not a forum for legal advice, but do any IT professionals who work for law firms know about such rules and regulations?"
This discussion has been archived. No new comments can be posted.

Online Storage For Lawyers?

Comments Filter:
  • Yes. (Score:5, Funny)

    by Aaron_Pike (528044) on Wednesday April 15, 2009 @01:21PM (#27588781) Homepage
    I firmly believe we should store lawyers online.
    • TrueCrypt? (Score:5, Funny)

      by Anonymous Coward on Wednesday April 15, 2009 @01:23PM (#27588811)

      Come to think of it, I think we should store them in *actual* true crypts... ;-)

      • Re: (Score:3, Funny)

        by scotay (195240)

        *actual* true crypts at the bottom of the sea.

        That way you get a natural coral reef.

        • by Daravon (848487)

          Aren't the Somalian pirates pissed off enough at us with the environmentally damaging wasted dumped into their oceans? They'll declare a full scale war if we start dumping lawyers there (and War +2 if they wash up on shore).

        • by V!NCENT (1105021)

          Lawyers are there to defend people that hire them. Do you want to be unable to hire someone to defend you in court while you have no knowledge about laws and regulations to defend yourself? Didn't think so either.

          What we need is to send corrupted people with a lot of power to the bottom of the ocean. Along with the faulty parts of the human instinct and then get rid of goverments, get together and live a peaceful live where we dedicate ourselves to art, science and other communistic, hippy and anarchy style

      • Re: (Score:3, Informative)

        by kasperd (592156)
        Before anybody starts using TrueCrypt for encrypting data to be stored online, let me warn you, that TrueCrypt was not designed for that. Several years ago TrueCrypt switched to LRW because the encryption mode used before that was vulnerable to some watermarking attacks. However the LRW encryption was even more vulnerable in case an adversary is able to get a copy of the encrypted data from two different points in time. What that means is, that if you just have the encrypted container stored online using so
    • For persistency, I like to store them in the freezer.

    • by MarkGriz (520778)

      I firmly believe we should store lawyers online.

      ...and then nuke it from orbit.

    • I firmly believe we should store lawyers online.

      I completely disagree. I think all lawyers should be taken offline and powered down immediately. It's for the good of humanity!
    • by thewiz (24994)

      Aaron,
      Do you realize how much wasted space that would be?

    • Re: (Score:2, Funny)

      by chappel (1069900)

      I'd like to see more stored at /dev/null

    • by Locke2005 (849178)
      Wouldn't they be much more useful if we used them as speedbumps?
  • A Few Helpful Lists (Score:5, Informative)

    by eldavojohn (898314) * <eldavojohn@nOsPam.gmail.com> on Wednesday April 15, 2009 @01:21PM (#27588783) Journal
    Well, there's a list of online backup services [wikipedia.org] on Wikipedia that's probably only half of what's available so if you feel you are lacking options and would like to help your friend out, you can do a thorough comparison matrix containing his priorities and rate each of them. You might be able to find viable options in the list of file hosting services [wikipedia.org] as they use encryption.

    As a lawyer with recognition in NJ, NY, CA, and DC, are there any rules and regulations you know of regarding such online storage he must comply with?

    Ahahahahaha, you are asking Slashdot for advice on legal rules and standards to assist a lawyer?

    Look, you're probably going above and beyond what a normal lawyer did back in the day: throw a piece of paper in a filing cabinet in his office. Subject to fire and theft, sure, but I doubt the law has changed enough to make that illegal. CoreVault looks good, you can also visit each of the state bar association pages you listed and find things like NY State Bar Association offering a discount at VENYU for offsite data storage [nysba.org] which is probably as close as you'll get to an endorsement. Have you thought about calling each state bar association office and asking them what they use/recommend?

    • by Anonymous Coward on Wednesday April 15, 2009 @01:42PM (#27589051)

      IAAL and using any of these services is suicide.
      Store your documents IN A FIREPROOF SAFE or VAULT ON PAPER.
      Use a document scanner for retrieving them if you lose the electronic originals.
      Disclosure to a 3rd party is suicide as your atty-client confidentiality could be lost (what happens if the 3rd party gets subpoenas?). Losing data is suicide because it shows a lack of due diligence.
      Use paper. It works. or burn to 2X archival CDR and THEN use paper. whatever floats your boat.
         

      • by Captain Splendid (673276) <capsplendid.gmail@com> on Wednesday April 15, 2009 @02:24PM (#27589527) Homepage Journal
        Speaking as someone who runs a small law firm, parent has it mostly right, especially in regards to the document scanner. We live and die on paper, so we make a lot of effort to keep the physical and digital versions safe. As for online storage, HDs are cheap, and even several million pages of text documents won't break anyone's bank.

        I've never understood the online storage appeal for just about any commercial entity, but for a law firm, that just ain't gonna happen.
        • Re: (Score:3, Interesting)

          by DiegoBravo (324012)

          > I've never understood the online storage appeal for just about any commercial entity, but for a law firm, that just ain't gonna happen.

          I have the theory that lawyers get seduced by the seals stamped on papers -and like gamers, the have a special appeal for the more 3d ones- (obviously, digital firms are not understandable nor artistic, so any kind of digital storage is secondary.) That "seduction" is so strong that they yet carry the idea that more seals = more authentic.

        • Re: (Score:3, Insightful)

          by nametaken (610866)

          Commercial entities usually love it for a number of reasons.

          If my building burns down, they have a copy.

          If I get infected with something that wipes out/corrupts my data, they have a copy.

          They have a dedicated IT staff that specifically manages the security and integrity of my data. I do not.

          They have facilities specifically designed to safely store my data. I may not.

          There are lots of good reasons.

          • Re: (Score:3, Insightful)

            by ixidor (996844)
            exactly. i did support for a small accounting firm, anyone here felt the pain ofgoing from quickbooks 05,06 to 2008 ... omg that sucked. i had bought them a cheap prepackaged nas box from newegg, around $200. then in the QB2008 documents it says specifically not to do this, 4x the network overhead. so i looked around for online storage. and i have a question related to the lawyer theme, if the data is encrypted in the online storage place, evan if they were to be subpoena'd what would they get ? unusable en
          • Re: (Score:3, Insightful)

            If my building burns down, they have a copy.

            If I get infected with something that wipes out/corrupts my data, they have a copy.

            Yawn. The backup to the backup should be in the managing partner's house. It's ultimately his or her job anyway.

            They have a dedicated IT staff that specifically manages the security and integrity of my data. I do not.

            They have facilities specifically designed to safely store my data. I may not.

            Talking different levels of money here, that's all. Online storage i
          • Agreed, but I think lots of SME's treat online backup as a magic bullet (it's the same type of thinking that says Symantec = no risk of virus infection).

            You hear what happened to Carbonite recently?

        • Let me first throw out everyone's favorite acronym: IANAL

          That being said, I used to do on-site service and consulting work for a number of area law firms, and saw several different backup strategies they employed.

          Where I saw the online storage concept being put to best use was for email. The law offices I've seen who tried to run their own mail server, in-house, were *always* putting their data at some level of risk of loss.

          In some cases, you had firms using Novell Groupwise as their messaging system, a l

      • by quantumplacet (1195335) on Wednesday April 15, 2009 @02:28PM (#27589589)

        You do know that you can back up to a 3rd party and still maintain sole access to the data, correct? All of our backups are encrypted using a 448bit key that only we have access to. If our backup provider is subpoenaed they can give all my data to whoever they want, it's just a meaningless binary blob.

        • Re: (Score:2, Funny)

          by archangel9 (1499897)
          Same here. Ours is encrypted offsite w/Blowfish and a 256-bit alphanumeric key. Our data company sees nothing but a bit chunk of data and nothing more. Good thing I have that key written down on a sticky note next to my monitor for safe keeping.
          • bah. (Score:3, Funny)

            What you really need to keep your data secure is use a secure password like the one we use at my company -- 23$wu!x6 -- we've been using that password for a while now and never had any problems.

        • Re:Encryption (Score:4, Insightful)

          by SirGarlon (845873) on Wednesday April 15, 2009 @02:54PM (#27589931)
          And it would be smart to store the key/passphrase on paper in a safe, in case you get hit by a bus and your partner/assistant urgently needs a client's file. IANAL.
          • Re: (Score:3, Informative)

            by MrKaos (858439)

            And it would be smart to store the key/passphrase on paper in a safe, in case you get hit by a bus and your partner/assistant urgently needs a client's file. IANAL.

            The banks (I worked in) did it by storing half of a key in two safes, two different managers have access to their particular safe. Each is asked to enter their half of the key when it's required (get's them involved in the data's ownership too). No one actually knows the entire key.

            It's a function of the role to have appropriate access. YMMV

      • Disclosure to a 3rd party is suicide as your atty-client confidentiality could be lost (what happens if the 3rd party gets subpoenas?). Losing data is suicide because it shows a lack of due diligence. Use paper. It works. or burn to 2X archival CDR and THEN use paper. whatever floats your boat.

        I think that might be resolved by encryption, like plausible deniability. [truecrypt.org]
        Then again, if client/attorney relationship is a problem, and the client is paranoid, have him encrypt the documentation himself with his public key, send it to you encrypted further with your public key, and store it somewhere. This way, the only way to access those backups will be by asking both for the private keys, and no one can tamper with the actual content indipendently of the other.

      • I'm not a lawyer, but I can understand how having complete control over your data would be important. So here is my suggestion:
        • Set up at least two linux boxes to use as file storage. Separate them geographically so at least one will survive if a building burns down. If you don't have two controlled physical locations (e.g. home and office), then set up one or more virtual machine accounts at a hosting company to fill in the gaps.
        • Set up pre-shared ssh keys on the boxes to establish secure communication.
        • P
      • by anagama (611277) <obamaisaneocon@nothingchanged.org> on Wednesday April 15, 2009 @06:53PM (#27592737) Homepage

        IAAL too, and I wouldn't feel comfortable with any particular service in which the service owner could have access to my files or the keys/passwords for decryption. I simply won't entrust my data to a third party, not even my calendar to Google Calendar. I do however perform nightly automated backups to a remote server.

        My system works like this:
        - in my office, tar the data into a single file, encoding the date into the filename.
        - mcrypt that tar file.
        - transfer the encrypted tar to a virtual private server via ssh. (*)
        - on the VPS, I have a script that keeps a set of my backup files: the last 7 days are kept, and then mondays for the previous 7 weeks.

        The risk is that my VPS or another VPS on the remote machine might be hacked and my data files exposed. However, because the data files are encrypted as well as can be by present standards, it is highly unlikely that the actual data will be exposed even if my account was hacked. The person would simply get a set of encrypted files. I suppose it would be possible for a person to grab my files, and 20 years later decrypt them. I think that worry starts to get a bit foil-hatish in that I don't work with terribly sensitive information -- at least not the kind that someone will wait decades to be able to decrypt.

        Even if my data was somehow decrypted, I feel that I have performed sufficient due diligence under the rules in my state (**). In fact, there is no data existing anywhere that cannot through some highly contrived set of circumstances, cannot be revealed. I do feel I'm doing a better job than if I merely stored the files in a locked storage closet. Taking a bolt cutter to a masterlock and then trundling off CDs, papers, or thumb drives is way easier than decrypting my files. Any safe I can afford can probably be picked in 30 seconds by some 13 year old kid looking for cred on YouTube. Lastly, I have no doubt my encrypted files on the VPS are more secure than files located on a computer through which the internet is accessed by a web browser.

        Anyway, I do feel I'm going beyond what most lawyers do with backup security. Of course there are certain unlikely possible breaches -- but I'm not required to protect against all of them. For example, I don't need to personally hand deliver all paper documents because I'm allowed to use the mail. What could be less secure than documents protected by a paper envelope?

        As an added bonus, because my backups are nearly 3000 miles away (I'm on the Pacific, my VPS is on the Atlantic), even a devastating regional disaster will not cause me to lose data. If a disaster is so bad as to stretch from sea to shining sea -- my files will be the least of anyone's concern.

        (*) I only get 15gb of space, but it only costs $10/month. It's running CentOS 5, no webserver or anything else, just ssh.

        (**) Comment to WA State RPC 1.6 (confidentiality and information):
        [17] When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the
        reasonableness of the lawyer's expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.

    • by Chabo (880571)

      Ahahahahaha, you are asking Slashdot for advice on legal rules and standards to assist a lawyer?

      I think he was hoping for two replies:

      1) NYCL, or one of our other resident lawyers, giving him the advice he needs.
      2) Someone else replying to that lawyer, saying simply "/thread".

      • Re: (Score:2, Funny)

        by KDR_11k (778916)

        Or

        3) He was hoping for the lawyers to identify themselves to build a list of names for the Ark B.

  • Why online? (Score:5, Interesting)

    by captaindomon (870655) on Wednesday April 15, 2009 @01:21PM (#27588787)
    Why online storage? Why not just copy everything to a couple USB drives and then backup off-site occasionally with DVDs? It's not like we're talking about a lot of storage, they're probably just text documents mostly, right?
    • Re: (Score:3, Insightful)

      by berend botje (1401731)
      Almost anything would be better than a stack of floppies. Get the guy two usb harddrives and get it over with. No need to over-engineer the solution.
    • Re:Why online? (Score:5, Insightful)

      by fuzzyfuzzyfungus (1223518) on Wednesday April 15, 2009 @01:29PM (#27588889) Journal
      Barring(har, har, not intended) poor recent graduates slaving to pay off giant loans and shoestring do-gooder types being paid in peanuts to keep poor kids off death row, I strongly suspect that most lawyers have more available cash than available time or technical expertise.

      Copying everything to a couple of USB drives is exactly the sort of thing that is easy to forget to do, and potentially disastrous. Far better to pay a fee that, for a bunch of mostly text documents and some .tiff scans, won't be all that high, and have it done for you.
      • I agree 100%.

        Depending on the size of his office, I'd either suggest a full-fledged CMS, or using a secured backup service like the ones available from Iron Mountain.

        For a couple thousand bucks a year, he could have all his data and documents backed up daily by Iron Mountain. Not sure about legal requirements, though -- but if you call them, any vendor who is qualified will be able (and happy) to provide compliance certs or letters for the states in question.
      • Re:Why online? (Score:5, Informative)

        by TheRaven64 (641858) on Wednesday April 15, 2009 @02:01PM (#27589273) Journal
        I've worked with a couple of companies that had the same kind of requirements:
        • They can't afford to lose the data.
        • They can't take if off-site without some additional constraints (e.g. stored in a safe, encrypted).
        • The users don't want to have to understand the technology.

        A lot of these companies currently use a third-party warehouse with locked cages and transfer photocopies of court documents there for off-site storage, and want something a bit more high-tech.

        The best solution I've come across is an on-site RAID-5 NAS with hourly snapshots. If they can store their data on floppies now, it is almost certainly less than 1GB. Put this on a three or four 250GB disks in a RAID-1 array (no point in RAID-5 when you've got that little data - go for the extra redundancy) which takes (volume-level) snapshots every hour (something like GEOM or ZFS snapshots). Every work night, burn the latest snapshot to a DVD and give it to the boss to take home and put in his safe. He should store the most recent 5 backups there and, n week-end backups. If you're not using ZFS on the server then make sure you're using something else to check for single-sector corruption.

        Note: This is not legal advice. I know some law firms one accountancy firm who use this system, but I am probably not in your jurisdiction and you may have additional regulatory / legal requirements. Fortunately, if you are a law firm, you can probably consult a lawyer and get some legal advice cheaply...

        • Re:Why online? (Score:5, Insightful)

          by snowraver1 (1052510) on Wednesday April 15, 2009 @02:40PM (#27589753)
          Every work night, burn the latest snapshot to a DVD and give it to the boss to take home and put in his safe.

          HAHAHA hahahahahahahahahaha ha ha, whew. That's funny. Who is loading the dvd drive?

          Gather 'round boys and girls, it's story time. My dad was a lawyer for somewhere around 30 years. At the time, he and 4 other partners togeather made up their law firm. Because each of them were essentially seperate from each other, they tended to have their files stored either on their own comptuer, or on their secretary's computer.

          My dad was smart enough to know that this probably wasn't the best setup, so he hired an "IT Professional" to fix this problem. The computer guy came in and set them up with a small server which would be a centeral repository for digital files. This server would then do daily (possibly weekly, can't recall) backups. The secretarys would then take the tape home with them over night.

          Not a bad setup. This system was in place for several years. One day, one of the secretaries computer's HDD died. The office called the guy that had setup this system for them to have the HDD replaced. What happened next will require a new paragraph.

          I get a call that day from my Dad. I was weeks away from graduating from Computer Engineering at a local technical school. My dad calls, clearly upset. Apperantly a while ago there was some problem that they had to call the "IT Guy" for. The "IT guy", in the process of fixing that problem, changed it so that the secretarys computers and I think 1-2 of the lawyer comptuer backed up to one of the secretary's comptuers, and not the server. Well, guess which computer died? You know it, the secretary's computer that was holding the backups it shouldn't have been.

          No problem right? They were taking weekly backups and taking them off site. Well... Turns out that in the process of moving the backups to the secretary's computer, he was also preventing that data from being backed up. Essentially, the backups were only backing up 1/2 the data.

          So, I'm just about to graduate, I get this call from my dad, and he tells me the story. I tell him what he already knows, no data should be on the comptuers, it should all be stored on the servers and backed up. The next day my dad's firm and the "IT Guy" had a meeting. This guy was scared shitless that he was going to get his pants sued off. Not all lawyers are bastards, my dad and the firm told him to send the HDD to a data recovery specialist and told the IT guy that he would be responsible for the bill. The data recovery was partially successful.

          Losing that much data caused real problems at the office. Some lawyers were hit harder than others. My dad got through it just fine. My dad had a system where everything was done in triplicate. Document was saved on computer (1), printed and attached to the client file (2), I'm pretty sure that he also printed a third copy to send to Iron Mountain. When the data was lost, he still had the paper copies, the other lawyers wern't so lucky.

          Having seen that, I would recommend printing and filing EVERYTHING. Most lawyers change outragous rates for printing anyways, so why not? So, I would say that you should definately take precautions against data loss, the hard copy should be your real backup.
          • Re:Why online? (Score:5, Insightful)

            by jra (5600) on Wednesday April 15, 2009 @03:23PM (#27590345)

            And *this*, boys and girls, is an altogether excellent example of why professional system administration talent is well worth whatever you have to pay to have it around.

          • Re:Why online? (Score:4, Interesting)

            by brtech (1019012) on Wednesday April 15, 2009 @03:47PM (#27590753)
            One good story deserves another, from several years ago

            There was this medical device manufacturer. It had an older product, pre-microprocessor. One day, the FDA came for an inspection. When they do that, they usually send at least one person with clue, but they cross train other people and send them too. On this inspection, one of the inspector's regular job was inspecting galleys in ships (another FDA function you may not know about). This guy had been cross trained.

            So, they are walking down the manufacturing line, and the employee shows them the board from the product. One of the chips has a label on on. The inspector says "PROM"? Meaning, is that chip a programmable read only memory (like today's flash, but usually one time programmable and a lot smaller). The employee says "Yes, that's a PROM". The inspector says "Checksum?" and the employee says "yes, the checksum is on the label". The inspector says "Verify?" and the employee takes the board, pulls the chip, goes over to the programmer, plugs it in and verifies that the checksum is valid.

            The inspector says "Source Code?". The employee is a bit stumped. He goes away to ask some engineers who were around for a while, then goes to the manufacturing engineering guys and finally goes back to the inspector and asks them to accompany him to a storage room.

            In the storage room, there are a number of 4 drawer file cabinets. The employee searches around, and finally finds the right file.

            The file has the right build data on the cover. He opens the file and triumphantly removes the floppy disk with the source code on it.

            An 8" floppy disk.

            You know what's coming right?








            No 8" drive left in the company.
      • The average attorney salary is ~$60k per year. And that is with $300k+/yr equity partners pulling the average up.
        I was in my 1st year of law school when I found out that I was making more as an engineer (BSEE) than most lawyers were making. (Fortunately, my company was paying for school & guaranteeing me a job upon graduation that involved a pay-grade jump every year for 4 years.)

        The truth is, there are just too many lawyers.
        Most of them can't find a job in a "real" law firm. So, instead they have to

      • by Zordak (123132)

        Well, I'm one of those poor slobs working for the Man to pay off my ridiculously-large student loans, and I still have more money than time; meaning I give myself a little $30 allowance twice a month when I get paid (you'll have to ask my wife how the rest is parceled out because I have no idea). That's humongous compared to my free time (which is just enough to post a comment on /. on occasion).

        As for technical expertise, once upon a time I designed a simple RISC processor for an undergrad class, but I

    • by maroberts (15852)
      Seconded - if he's been able to live with floppies before, a USB key ought to hold all the documentation he ever needs, possibly using more than one for a backup cycle. He just needs to backup his documents, and possibly ensure the backups are encrypted for security so that the loss of a key does not cause loss of confidential data.
      • Online storage of legal documents sounds like an invitation for trouble. A lot of lawyer paperwork would probably be protected from searches as privileged, but whatever happens to it on some off-site storage facility subject to subpoenas would be questionable.
      • by hurfy (735314)

        Is a USB key any more reliable than a floppy? I have had rotten luck with them lasting any length of time :(

        Is the floppy the only copy? Put one back on the HD perhaps?
        Copy to a USB HD drive.
        Burn to CD/DVD. not much better than floppy again :(
        Tape is still good longterm, a used tape drive perhaps(DDS4+controller=$100)
        Paper and a file cabinet. At least paper is still readable in 10 years.

        all of the above?

        Why online? Does he need to access remotely? You still need (at least) one of the above in case the onlin

    • There's no reason online can't be secure. Online means it's automatically offsite and that a 3rd party has the time and incentive to be sure it's actually working.

      2 years ago I founded https://spideroak.com/ [spideroak.com] for this exact situation -- wanting a zero-knowledge approach to encryption. We explicitly don't know anything about your data. We just see boring sequentially numbered data blocks on the server. Instead of a EULA, we have a "remember your password" agreement.

      You can combine data from unlimit

      • Re: (Score:3, Insightful)

        by networkBoy (774728)

        What encryption does your service use on your end?
        What encryption is used to TX/RX the data from the client?
        I particularly like the de-duplication aspect, however I don't trust you (as I am sure you do not trust me). Is there any issue with uploading TrueCrypt container files to your service (maximum single file size, etc.?)
        Looks good, especially for $1/gig/year...
        -nB

  • by peacefinder (469349) <alan...dewitt@@@gmail...com> on Wednesday April 15, 2009 @01:24PM (#27588825) Journal

    Scan the lawyers and shred the originals. You'll be very popular.

  • omfg... (Score:5, Insightful)

    by gandhi_2 (1108023) on Wednesday April 15, 2009 @01:27PM (#27588853) Homepage

    a few bar associations, including Oklahoma, officially endorsed them.

    I see.

    That is not enough for me.

    uh, huh.

    Do any Slashdotters have info on this topic?

    *head explodes*

  • How about paper? Or has that gone out of style?
    • by hedwards (940851)

      There are a few problems there. Backups, storage, securing said copies, finding information in a timely fashion.

      Admittedly, paper is a step up from floppies in ever way except space, but it's definitely not a great solution.

      Best would be something where it's kept encrypted from computer to server, stored in two locations and where one would keep the originals encrypted when not at the keyboard.

      Probably anything compliant with HIPAA would be sufficient.

  • So basically what we have here is a lawyer asking, by proxy, for legal advice on Slashdot. ???
  • by Anonymous Coward on Wednesday April 15, 2009 @01:39PM (#27589011)

    I have used Mozy for several law offices, primarily because you can specify your own 256-bit AES encryption key. Not even Mozy has access to your data.
    In California the bar association regulations require that a law firm takes "reasonable care" of client data. That's it. Kinda Scary.

    • I have also used Mozy, specifically MozyPro, for my company, for more than a year.
      I had a terrible experience with it, the client initially worked well, but is so badly written that as you get to multi-gigabyte volumes, the incremental scanning kills completely stalls the OS.
      So: whatever you choose, test it for a while. And, most online storage services have encryption, including DriveHQ, which I switched to. Works fine so far (6 months).
  • Any professional who truly values his data should back it up to the time-proven backup media -- magnetic tapes -- and have more than one copy, and each copy stored at a different offsite location.

    Now having said that, since this is a lawyer you're talking about, he might deliberately wish to have his data stored on floppies so that when that data gets lost or unrecoverable, he can argue that since he is not a data storage professional expert, that he believed as a "reasonable person" would believe, that he

    • by ??? (35971)

      Apparently the bar associations and judges overseeing disciplinary hearings are no longer buying the "country bumpkin lawyer" defense. Or, at least, so said a lawyer who ought to know at a session at RSA last year (this _is_ Slashdot, so I'm too lazy to pull up the presentation from the Windows only USB stick they gave us as swag). There is starting to be a recognition that if you don't have the capacity to protect your clients' data, that you need to find somebody who does.

  • Online backup - Mozy (Score:3, Informative)

    by Bill Dimm (463823) on Wednesday April 15, 2009 @01:46PM (#27589089) Homepage

    Mozy (owned by EMC [mozy.com]) has some sort of deal with the ABA [mozy.com] to give members a discount, so I would take that to be somewhat of an endorsement for use by lawyers. I'm not affiliated with them in any way -- I just know about them because their booth was across from ours at the ABA TechShow.

  • by Beryllium Sphere(tm) (193358) on Wednesday April 15, 2009 @01:47PM (#27589111) Homepage Journal

    Questions to ask, if you're sure that online is the right approach:

    Will customers have access to their data when the service provider goes out of business? If so, how much delay will be involved? ("You can have your data when we get the server back from the repo man").

    There may be some standard telling lawyers to use reasonable care when handling privileged information. If there is, then by today's standards I'd personally argue that reasonable implies encrypted.

    Is deleted data really deleted? Does it live on in backups? Is it like Google, where ghosts of departed data linger in the cloud?

    The only thing I can tell you about bar association standards is that at one time the ABA was telling people that email was acceptable for communicating privileged information. I hope they're doing better now.

    • by corbettw (214229)

      The only thing I can tell you about bar association standards is that at one time the ABA was telling people that email was acceptable for communicating privileged information.

      Presumably, the rationale behind that stance was that no other common forms of privileged information is encrypted, either. And it doesn't even have to be secrete. It's just not admissible in court.

  • I have a relative that has been a lawyer for over two decades.

    I'm sorry. Have they sought treatment?

  • Well.. (Score:5, Insightful)

    by Absolut187 (816431) on Wednesday April 15, 2009 @01:53PM (#27589189) Homepage

    I'm an attorney and a computer engineer. Lawyers are way behind on technology. My impression is that the Oklahoma bar is probably way ahead of the curve for endorsing online storage. I know that most states have only recently adopted rules for dealing with electronic discovery.

    My main concern would be privacy. You start putting confidential client files on the internet, and if anything goes wrong you are looking at a malpractice suit for sure. Like other commenters I would recommend an external hard drive or two. One in a safe at home and one at the office.

    • Re: (Score:3, Insightful)

      by N7DR (536428)

      My main concern would be privacy. You start putting confidential client files on the internet, and if anything goes wrong you are looking at a malpractice suit for sure.

      I tried to explain that to a local lawyer who wanted to use gmail (unencrypted, of course) for his practice's e-mail. I could never get him to understand that there was anything even remotely wrong with doing what he wanted to do. So now he's doing it.

      Just as scary, none of his clients seem to think that it's a problem.

      This is one of those times that I just want to bang my head on a wall and scream (to myself, since no one else seems to listen), "Why does no one else get it?"

      And by talking to other lawyers

    • by jra (5600)

      Repeat after me:

      Spinning magnetic storage is not a backup.
      Spinning magnetic storage is not a backup.
      Spinning magnetic storage is not a backup.
      Spinning magnetic storage is not a backup.
      Spinning magnetic storage is not a backup.

      If you want to use magnetic storage for backups, use DLT or LTO tape, and make two copies, and keep them in different place.

      Or, y'know, just hire a friggin sysadmin, and ask him "so, what will your backup plan be", and then get a second opinion on his answer. :-)

      • Why isn't spinning magnetic storage a backup?

        Sure, it's more prone to break than some other storage media, but I doubt you don't have any backup media that can't be made to break, using stuff I've got in the house right now. If you rely on a supposedly indestructible backup medium, you're setting yourself up for a real disappointment.

        Just make sure you have adequate redundancy, check your backups, keep backups offsite in a safe place, and replace any failures immediately.

      • by Raenex (947668)

        Spinning magnetic storage is not a backup. If you want to use magnetic storage for backups, use DLT or LTO tape

        So, how do you read and write to those magnetic storage tapes? Do you spin them?

        Seriously, use whatever the hell you want, just make sure you have multiple copies at different sites, and regularly check that you can still access the data with checksums. Two online hard drives (or whatever they use -- the point is you don't care) at different providers is a great strategy.

  • "I am aware this is not a forum for legal advice, but do any IT professionals who work for law firms know about such rules and regulations?"

    I bet you can get a legal opinion for around $150/hour.

    Free legal advice is usually worth what you pay for it.
  • I am not a lawyer, but I do have a need to store, categorize and collaboratively edit documents.

    I use Opengoo, an opensource suite. I don't use the online editing function, but I *DO* use the checkin/checkout/versioning of the suite. And documents, etc. can be placed in separate workspaces and tagged accordingly with only identified individuals having access to only what they need.

    I have it hosted at my hosting company, which takes care of all my backup needs.

    Check it out at http://www.opengoo.org./ [www.opengoo.org]

  • by Minwee (522556) <dcr@neverwhen.org> on Wednesday April 15, 2009 @02:22PM (#27589515) Homepage

    Half of keeping copies of important documents is being able to retrieve them later on when you need them.

    You seem to understand that, which is why you are trying to convince your relative to move his data to a more reliable storage medium.

    The other half is in _not_ being able to retrieve them when it is inconvenient to do so. This is why there are floods, fires, mice, lost envelopes, poorly made photocopies and , in this case, corrupt old floppy disks. And as long as you have a storage system which is just barely good enough then you can lose anything you need to and nobody will even blink.

    It's all about identifying the client's needs. Give them what they really need, not just what they ask for.

  • The answer depends on how much he values his data, and what the different regulations are that affect lawyers. It also depends on what you mean by online. You seem to mean a web based application that will store information offsite.

    Irregardless, at the very minimum, the information should be stored on a series of redundant disks, whether this be a RAID or something else. A server would make the information more easily accessible as well as more secure from hardware failure. However, there is a certai
  • We had to support a nationwide practice, lawyers travelling worldwide, and offer the best security. Oh, and permit exchanging documents with the office staff for editing, updating with images, and of course distributing these securely to other counsel, courts, and clients.

    We started with Novell iFolder, set up a clustered solution, and did encrypted backups to a remote FTP server. Today I'd do this a little differently, but iFolder still works.

    'just text documents' doesn't begin to cut it. Much case mate

    • by geekoid (135745)

      You know, script writing software has solved the revision of documents problem, right?

      Put all the files in a directory, use pointers to reference them. This makes it easy to back up, removed redundant data, allows people to arrange there pointers any way they want that helps them do their job.

      Getting this going with legacy data is hard, but well worth it in the long run.

      iTunes for documents, if you will.

  • I spend a lot of time worrying about this.

    My recommendation is that definitely encrypt the data before, after, and over and over again. Then keep it somewhere safe outside the U.S. if confidentiality is the goal.

    Sorry, but there is nowhere in the United States where your privacy is safe anymore, and I would add many European countries to that list. Encrypt it, and then spread it around to several countries with reputations for protecting privacy.

    I would also not bank on keeping data in a data centers where

  • No one has yet commented that about 10000 floppies roughly equals a DL-DVD.
    The idea of indexing and storing 10000 floppies is incredible. He would have mentioned it.
    Therefore he does not have more than 10000 floppies.
    Solution is simple.
    Make a directory on the hard drive, fill it with files, burn to DL-DVD on a weekly or even daily basis.
    Keep this weeks backup in the desk drawer (just in case you delete the wrong file).
    Mail two weeks ago to some sort of iron mountain-esque facility. Or stick it in the bank

  • Wikileaks (Score:2, Informative)

    by Tokolosh (1256448)

    Please give some good advice, which is to use the latest and best system, endorsed by important entities everywhere.

    It is called "Wikileaks", and can be found using any search engine.

  • by s0litaire (1205168) * on Wednesday April 15, 2009 @03:30PM (#27590475)
    ...Spideroak.com

    I currently use it for backups. Some of it's coding is OSS. you get 2Gb free storage (which should be enough for you to test out the system.
  • You are wrong about clients being enraged. The vast bulk of lawyerly data has little archive value. Everything gets printed out on paper and if push comes to shove can be scanned in again. (Wife's a lawyer)
  • Ground up and in the freezer..

  • by techsoldaten (309296) on Wednesday April 15, 2009 @04:11PM (#27591141) Journal

    There are many services out there, but Wikileaks is what lawyers should probably be using.

    M

  • Come on, just makes sure he buys a couple 8 GB USB flash drives or 1-2 external HDs size hardly matters. Just tell him to copy everything to the key drive, then to the HD, then at the end of the day disconnect it all and toss it into the safe. Problem solved.

    The problem would be if he is running something older than Win2000 or WinXP. Then it would be painful to just plug in a usb flash or HD. At that point, I'd tell him to bite the bullet and spend the $600-900 on a decent laptop from walmart. Question him

  • also, (Score:3, Funny)

    by Khashishi (775369) on Wednesday April 15, 2009 @05:13PM (#27591879) Journal

    Where can I get a toilet seat designed specifically for lawyers?

You're already carrying the sphere!

Working...